We would like to discuss the proposed changes to the claims and any possible
interpretation and nuances of the proposed claim limitations.

The claims as amended overcome the Office Action rejections because: 

1. The claims do not rely on the administrator's personal knowledge of members being
trusted individuals, as every trusted individual is in a list stored in a computer readable
medium.

2. The claims do not rely on an administrator to periodically, manually enter commands 
into the computer to output the group names and their privilege levels, as the program 
does all this automatically and it is scheduled for periodic execution to avoid manual 
execution. 

3. The term "erroneously" has been added to the claims to narrow the claims to the 
specific instance where the computer program looks for members who erroneously 
belong to a group. 

4. The term "level" has been replaced by the term "access" to narrow the claims. 
Access refers to a privilege to use computer information in some manner. For 
example, a user might be granted read access to a file, meaning that the user can read 
the file but cannot modify or delete it. Most operating systems have several different 
types of access privileges that can be granted or denied to specific users or groups of 
users. Level has the broader meaning of relating to the division of persons or things 
by quality, rank, or grade. 

5. The new claims do a better job of reflecting the concept of two lists: one that
contains "a list of names for user access privilege groups" (Claim 1) and another
that contains "a list of names for higher access privilege groups" (Claim 3).
PROPOSED CLAIMS
April 22, 2008 

1. (Amended) A computer program product for determining if a member of a plurality of
groups, said member not on a list of trusted individuals, erroneously belongs to a group
with a higher privilege access, said computer program product comprising:

a computer readable medium;

first program instructions which upon execution cause a computer to compare members
of said groups to the list of trusted individuals, and determine which members are
not on the list of trusted individuals, said list being stored in the computer readable medium;

second program instructions which upon execution cause the computer to determine if
any groups with a privilege access higher than user access privilege erroneously have a
member not on the list of trusted individuals, and if so, generate a report identifying said
at least one member and the group in which said at least one member is a member; and

third program instructions which upon execution cause the computer to determine if any
group with a privilege access higher than user access privilege, unexpectedly has a group
name found on a list of names for user access privilege groups, instead of having a group
name generally used for a group with higher access privilege, and if so, generate a report
that said group with the higher privilege has a group name generally used for a group with
user access privilege,



PAGE 4/14 * RCVD AT 4/22/2008 3:22:46 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-6/21 * DNIS:2738300 * CSID:CHRIST0PHER WEISBERG * DURATION (mm-ss):02-1 2 




and further identifying each member as trusted or not trusted; and

said first, second and third program instructions are recorded on said medium and said
first, second and third program instructions are scheduled for automatic periodic execution.

2. (Amended) A computer program product as set forth in Claim 1 wherein there are a
plurality of applications or application instances, and a same group can be assigned different
privilege access for involvement with different applications or application instances; and
said third program instructions makes its determination separately for each application or
application instance.

3. (Amended) A computer program product as set forth in Claim 1 further comprising:

fourth program instructions to determine if any groups with a privilege access higher
than user access privilege, unexpectedly does not have a group name found on a list of
names for higher access privilege groups, and if so, generate a report that said group with
the higher access privilege does not have a group name generally used for a group with
higher access privilege, [illegible] each member as trusted or not trusted; and

said fourth program instructions are recorded on said medium.

4. (Amended) A computer program product as set forth in Claim 1 wherein said second
program instructions determine if any group with a privilege access higher than user
access privilege have all of its members on the list of trusted individuals, and if so, generate
a report that said group with the higher privilege access has all its members on the list
of trusted individuals.

5. (Amended) A computer program product as set forth in Claim 1 further comprising fourth
program instructions to determine if all the members of said groups with the higher
privilege having a group name generally used for a group with user access privilege are on
the list of trusted individuals; and wherein said fourth program instructions are recorded on said
medium.

6. (Amended) A computer system for determining if a member of a plurality of groups may
have an improper access of privilege, said computer system comprising:

means for comparing members of said groups to a list of trusted individuals;

means for determining if any groups with a privilege access higher than user
access privilege erroneously have a member who does not appear on the list of
trusted individuals, and if so, generate a report identifying said at least one member not on the
list of trusted individuals and the group in which said at least one member is a member; and

means for determining if any group with a privilege access higher than user
access privilege unexpectedly has a group name found on a list of names for user access
privilege groups, instead of having a group name generally used for a group with higher
access privilege, and if so, generate a report that said group with the higher privilege has a
group name generally used for a group with user access privilege, and further identifying
each member as trusted or not trusted.

7. (Amended) A computer system as set forth in Claim 6 wherein there are a plurality of
applications or application instances, and a same group can be assigned different privilege
access for involvement with different applications or application instances; and said means
for determining if any group with a privilege access higher than user access
privilege has a group name generally used for a group with user access privilege makes its
determination separately for each application or application instance.

8. (Amended) A computer system as set forth in Claim 6 further comprising:

means for determining if any groups with a privilege access higher than user
access privilege have a group name not on a list of group names generally used for a group
with the higher access privilege, and if so, generate a report that said group with the higher
access privilege has a group name not generally used for a group with the
higher access privilege, and further identifying each member as trusted or not trusted.

9. (Amended) A computer system as set forth in Claim 6 wherein said means for determining
if any groups with a privilege access higher than user access privilege have a
member not on the list of trusted individuals, determines if any group with a privilege
access higher than user access privilege has all of its members on the list of trusted
individuals, and if so, generates a report that said group with the higher
access privilege has all its members on the list of trusted individuals.

10. (Amended) A computer system as set forth in Claim 6 further comprising means for
determining if all the members of said groups with the higher access privilege having a
group name generally used for a group with user access privilege are on the list of trusted
individuals.

11. (Amended) A computer program product for determining if a member of a plurality of
groups may have an improper access of privilege, said computer program product
comprising:

a computer readable medium;

first program instructions which upon execution cause a computer to compare members
of said groups to a list of trusted individuals, and determines which members are not on
the list of trusted individuals, said list being stored in a computer readable medium;

[illegible] any groups with a privilege access higher than user access privilege erroneously
have a member not on the list of trusted individuals, and if so, generate a report identifying
said at least one member and the group in which said at least one member is a member; and

third program instructions which upon execution cause the computer to determine if any
groups with a privilege access higher than user access privilege, unexpectedly
does not have a group name found on a list of names for higher access privilege groups,
and if so, generate a report that said group with the higher privilege access has a group
name not generally used for a group with the higher access privilege, and further identifying
each member as trusted or not trusted; and

said first, second and third program instructions are recorded on said medium and said
first, second and third program instructions are scheduled for automatic periodic execution.

12. (Amended) A computer program product as set forth in Claim 11 wherein there are a
plurality of applications or application instances, and a same group can be assigned different
privilege access for involvement with different applications or application instances; and
said third program instructions makes its determination separately for each application or
application instance.

13. (Amended) A computer program product as set forth in Claim 11 wherein said
second program instructions determine if any group with a privilege access higher
than user access privilege has all of its members on the list of trusted individuals, and if
so, generate a report that said group with the higher privilege access has all
its members on the list of trusted individuals.

14. (Amended) A computer program product as set forth in Claim 11 further comprising
fourth program instructions to determine if all the members of said group with the higher
privilege having a group name not generally used for a group with higher access privilege
are on the list of trusted individuals; and

said fourth program instructions are recorded on said medium.

15. (Amended) A computer program product for managing privileges of groups, said computer
program product comprising:

a computer readable medium;

first program instructions which upon execution cause a computer to compare members
of said groups to a list of trusted individuals, and determining which members are not on
the list of trusted individuals, said list being stored in a computer readable medium;

second program instructions which upon execution cause a computer to determine if any
groups with a privilege access higher than user access privilege erroneously have a member
not on the list of trusted individuals, and if so, remove said member not on the list of trusted
individuals from said group; and

said first, second and third program instructions are recorded on said medium and said
first, second and third program instructions are scheduled for automatic periodic execution.

16. (Amended) A computer program product for managing privileges of groups, said computer
program product comprising:

a computer readable medium;

first program instructions to determine if any group with a privilege access
higher than user access privilege has a group name on a list of group names generally used
for a group with user access privilege or no privilege; and

second program instructions, responsive to a determination of a group with a
privilege access higher than user access privilege with a group name generally used for
a group with user access privilege or no privilege, to compare members of such group to a
list of trusted individuals, and if any member(s) of such group do not appear on said list of
trusted individuals, remove said member(s) from such group that do not appear on the said list of
trusted individuals; and

said first and second program instructions are recorded on said medium.

17. (Amended) A computer program product for managing privileges of groups, said computer
program product comprising:

a computer readable medium;

first program instructions to determine if any group with a privilege access
higher than user access privilege has a group name not on a list of group names generally
used for a group with privilege access higher than user access privilege; and

second program instructions, responsive to a determination of a group with a
privilege access higher than user access privilege with a group name not generally used
for a group with privilege access higher than user access privilege, to compare
members of such group to a list of trusted individuals, and if any member(s) of such group do not
appear on said list of trusted individuals, lower the privilege access of said group; and
wherein

said first and second program instructions are recorded on said medium.
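
The checks recited in Claims 1, 3 and 4 can be sketched as follows. This is an added example, not code from the filing; the `Group` record, the numeric access ranks, the finding labels and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

USER_ACCESS = 1  # assumption: access is a rank; above this is "higher than user access"

@dataclass(frozen=True)
class Group:
    app: str        # application or application instance (Claim 2)
    name: str
    access: int
    members: tuple

def audit(groups, trusted, user_names, higher_names):
    """Report rows (finding, app, group, detail) for every group above user access."""
    trusted = {t.casefold() for t in trusted}
    user_names = {n.casefold() for n in user_names}
    higher_names = {n.casefold() for n in higher_names}
    rows = []
    for g in groups:
        if g.access <= USER_ACCESS:
            continue
        # Identify each member as trusted or not trusted.
        tagged = tuple((m, m.casefold() in trusted) for m in g.members)
        for member, ok in tagged:
            if not ok:  # second program instructions of Claim 1
                rows.append(("untrusted-member", g.app, g.name, member))
        if all(ok for _, ok in tagged):  # Claim 4
            rows.append(("all-members-trusted", g.app, g.name, tagged))
        if g.name.casefold() in user_names:  # third program instructions of Claim 1
            rows.append(("user-style-name", g.app, g.name, tagged))
        if g.name.casefold() not in higher_names:  # Claim 3
            rows.append(("name-not-on-higher-list", g.app, g.name, tagged))
    return rows

# Constructed sample data, not taken from the filing.
TRUSTED = {"alice", "bob"}
USER_NAMES = {"Users", "Guests"}
HIGHER_NAMES = {"Administrators", "DBAdmins"}
GROUPS = [
    Group("db1", "DBAdmins", 3, ("alice", "mallory")),
    Group("db1", "Users", 1, ("carol",)),
    Group("db2", "Users", 3, ("bob",)),  # same name, higher access in another instance
]

if __name__ == "__main__":
    for row in audit(GROUPS, TRUSTED, USER_NAMES, HIGHER_NAMES):
        print(row)
```

Because each `Group` carries its application instance, the same group name is evaluated separately per instance, and the script can be run from a scheduler to get the periodic execution the claims recite.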